Sep 23, 2021 - 1:31 a.m.

Security Bulletin: Vulnerabilities in autofs affect Power Hardware Management Console (CVE-2014-8169)

2021-09-23 01:31:39
www.ibm.com

CVSS2: 4.4 Medium
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.0004 Low
Percentile: 5.7%

Summary

autofs is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs.

Vulnerability Details

CVEID: CVE-2014-8169
DESCRIPTION: Red Hat autofs could allow a local attacker to gain elevated privileges on the system, caused by an error when an interpreted language is used by a program map. An attacker could exploit this vulnerability using USER and HOME environment variables to specify the interpreter load path and gain elevated privileges on the system.
CVSS Base Score: 4.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/101695 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P)

Affected Products and Versions

Power HMC V8.1.0.0
Power HMC V8.2.0.0
Power HMC V8.3.0.0
Power HMC V8.4.0.0

Remediation/Fixes

The following fixes are available on IBM Fix Central:

| Product | VRMF | APAR | Remediation/Fix |
|---|---|---|---|
| Power HMC | V8.8.1.0 SP2 | MB03967 | Apply eFix MH01572 |
| Power HMC | V8.8.2.0 SP2 | MB03968 | Apply eFix MH01573 |
| Power HMC | V8.8.3.0 SP1 | MB03969 | Apply eFix MH01574 |
| Power HMC | V8.8.4.0 | MH01559 | Apply eFix MH01560 |

Workarounds and Mitigations

None
